JWT Token Not Properly Verified - SAST High Severity Finding

[cx-constantino-antunes]

Hi, during a recent SAST scan I encountered a HIGH severity finding related to the router state manager. The ParseJWT function is not checking the token.Valid field which could potentially allow the use of manipulated or invalid tokens.

Looks like this could enable the use of expired tokens, but could you clarify what functionality would be impacted by this vulnerability?

Thanks in advance for your help!

[andrewpmartinez]

Thanks for the report, we will address this shorty.